Executive Summary: Officials from San Diego County and Hewlett Packard are investigating a Denial of Service attack on the County's main public-facing website in June 2012. The disruption occurred on election night and restricted public access to voting results during a peak traffic period. It began shortly after 8 pm, when an unusual volume of online traffic from a single unknown IP address was detected; the number of hits jumped to well over one million per minute and stayed at that level. The outage resulted when the County's firewall recognized the activity and, as a security measure, closed all outside access to the County's website. The attack did not crash the website itself; the firewall detected the activity and properly blocked any further threats. As a result, all outside users were denied access to the website until around 10 pm, while the site continued to run internally and information was updated accordingly. The County and Hewlett Packard are working closely to determine who or what was responsible and what can be done to prevent such an attack in the future.
Analysis: Denial of Service (DoS) attacks are among the most common network-based attacks; they make a server or network unavailable to legitimate users and are therefore an attack on availability. In the case of the San Diego County website, the attack did not harm the County's systems, because the firewall detected the unusual volume of activity and shut down all access to the website to avoid any potential harm. The DoS attack was nevertheless successful in that it denied access to legitimate users; the firewall stopped the potential for continued harm only by denying service to all external users. There are three methods of defending against DoS attacks: black-holing, validating the handshake, and rate limiting. The County's firewall did not use these techniques.
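The difference between the County's outcome (every external user cut off) and per-source rate limiting is easiest to see in code. The following is an added example, not the County's or Hewlett Packard's firewall logic: a fixed-window counter keyed on client IP that blocks only the address exceeding a threshold, replayed over constructed log lines in which one source floods while a legitimate client keeps requesting results. The IP addresses, timestamps, threshold and window sizes are all assumed for illustration.

```python
"""Per-source rate limiting replayed over constructed web-server log lines.

Assumed example (not the County's configuration): a fixed-window counter keyed
on client IP. Only the source that exceeds the threshold is blocked, so
legitimate users keep access to the site.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed addresses from the documentation ranges; not real traffic.
FLOOD_IP = "203.0.113.7"
LEGIT_IP = "198.51.100.4"


def constructed_log():
    """Build a simplified log: one legitimate request per second interleaved
    with ten requests per second from a single flooding source."""
    lines = []
    for second in range(6):
        ts = f"2012-06-05T20:00:{second:02d}"
        lines.append(f"{ts} {LEGIT_IP} GET /results")
        for _ in range(10):
            lines.append(f"{ts} {FLOOD_IP} GET /results")
    return "\n".join(lines)


class PerSourceRateLimiter:
    """Fixed-window request counter per client IP with a temporary block."""

    def __init__(self, threshold, window_seconds, block_seconds):
        self.threshold = threshold          # max requests allowed per window
        self.window = window_seconds        # window length in seconds
        self.block = block_seconds          # how long an offender stays blocked
        self.counts = {}                    # ip -> (window_start, count)
        self.blocked_until = {}             # ip -> datetime

    def observe(self, ts, ip):
        """Record one request; return 'allow' or 'block' for this source only."""
        if ip in self.blocked_until and ts < self.blocked_until[ip]:
            return "block"
        start, count = self.counts.get(ip, (ts, 0))
        if (ts - start).total_seconds() >= self.window:
            start, count = ts, 0            # new window for this source
        count += 1
        self.counts[ip] = (start, count)
        if count > self.threshold:
            self.blocked_until[ip] = ts + timedelta(seconds=self.block)
            return "block"
        return "allow"


def replay(log_text, limiter):
    """Run every log line through the limiter; return per-IP allow/block totals."""
    summary = defaultdict(lambda: {"allow": 0, "block": 0})
    for line in log_text.splitlines():
        ts_str, ip, _request = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_str)
        summary[ip][limiter.observe(ts, ip)] += 1
    return dict(summary)


if __name__ == "__main__":
    # Threshold of 20 requests per 5-second window, 60-second block (assumed values).
    result = replay(constructed_log(), PerSourceRateLimiter(20, 5, 60))
    for ip, totals in result.items():
        print(ip, totals)
```

With the assumed thresholds the flooding source is cut off after its twentieth request while the legitimate client's six requests are all served; a firewall that instead closes the whole site on the same trigger turns a blockable single-source flood into an outage for everyone.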